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- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
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1)13 Responsive to communication(s) filed on 07 November 2007 . 
2a)|3 This action is FINAL. . 2b)n This action is non-final. 

3) n Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1 935 CD. 1 1 , 453 O.G. 21 3. 
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Application Papers 

9) 0 The specification is objected to by the Examiner. 

10) 0 The drawing(s) filed on is/are: a)n accepted or b)^ objected to by the Examiner. 
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Response to Amendment 

This Office Action is in response to a communication made on November 7, 

2007. 

The Information Disclosure Statements filed October 29, 2007 and November 13, 
2007 has been considered. 

Claims 1-9 and 28 have been cancelled. 

Claims 29-35 have been newly added. 

Claims 10-27 have been amended. 

Claims 10-27 and 29-35 are pending in this application. 



Claim Objections 

Claims 30 and 32 are objected to because of the following informalities: It 
appears in both claims that "first" is misspelled by "firs". Appropriate correction is 
required. 

In the interest of expedited prosecution, the Examiner would like to note that 
several of the present claims (i.e., 10, 18/and 21) use functional language to describe 
claim elements. For example, the terms "configured for", "configured to", "enabled for", 
"adapted for", and "adapted to" raise questions as to the limiting effect of the functional 
language that follows them. The Examiner recommends amending the claims to contain 
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positive recitations of the actions performed by the claim elements, rather than merely 
stating that the elements are "configured to" perform some future act. In the event that a 
hardware element is intended to contain software, which when executed, causes the 
hardware element to perform a function, the language of the claim should clearly 
express that relationship. 

In the interest of expedited prosecution, all of these limitations have been 
rejected below, but Applicant is encouraged to amend the system/apparatus claims so 
that the claimed functions are positively recited, to ensure that those limitations may be 
given patentable weight. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 10-27 jand 29-35 are rejected under 35 U.S.C. 103(a) as being 

unpatentable over Misra (5757920) in view of Rai (6421714). 

Regarding claims 10, 18 and 21, Misra teaches a method for providing access 
management comprising: 
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(a) authenticating access privileges of a user to a first (Column 7, lines 53 - 65) 
and a second server machine (Column 5, lines 10-21) whereby the first and second 

server machine are configured to comprise a secured item (Column 5. lines 10-14) ; 
and 

Misra does not explicitly indicate preventing access to a first one of the first and 
the second server machine while the user is accessing a second one of the first and 
second server machine . 

Rai teaches a system of a mobile user where if the user leaves the access point 
of a first server and enters the access of a second server (Column 6, lines 38 - 51 ), the 
user start issuing commands to the new server and the system reconfigures the second 
server to handle the user requests (Column 8, lines 36 - 44) and deletes the user's 
access to the first server (Column 8, lines 42 - 44) thus with no access ability to the first 
server, than access is prevented unless the user is then reconfigured to access the first 
server. 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to use Rai's teaching of handing-off user access to Misra's 
teaching in order to support Misra's secure login to the network, while allowing that 
security to be passed to a new access point without having to re-authenticate the user. 

Regarding claims 29, 31, and 34, Misra teaches the method as recited in claims 
10, 18, and 21, wherein step (a) comprises: 
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(a1 ) authenticating the user with the first server machine with respect to a 
previous access request (Column 7, lines 53 - 65); 

(a2) subsequently receiving a current access request via the second server 
machine (Column 5, lines 10-21); and 

(a3) authenticating the user with the second server machine with respect to the 
current access request (Column 5, lines 10-21, where the user roams into a second 
domain). 

Regarding claims 30, 32, and 35, Misra teaches the method as recited in claims 
29, 31, and 34, 

Misra does not explicitly indicate that wherein step (b) comprises: 

(b1 ) upon receiving the current access request via the second server machine, 
identifying a first local module previously supporting the user at the first server machine; 

(b2) reconfiguring the first local module at the first server machine to remove 
support for the user at the firs server machine; 

(b3) identifying a second local module to support the user at the second server 
machine; and 

(b4) reconfiguring the second local module at the second server machine to add 
support for the user at the second server machine. 

Rai teaches a system of a mobile user where if the user leaves the access point 
of a first server and enters the access of a second server (Column 6, lines 38 - 51 ), the 
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user start issuing commands to the new server and tlie system reconfigures tine second 
server to handle the user requests (Column 8, lines 36 - 44) and deletes the user's 
access to the first server (Column 8, lines 42 - 44). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to use Rai's teaching of handing-off user access to Misra's 
teaching in order to support Misra's secure login to the network, while allowing that 
security to be passed to a new access point without having to re-authenticate the user. 

Regarding claims 11, 22, and 25, Misra teaches a method as recited in claims 

29, 31 , and 21 , wherein step (a1 ) authenticates both the user and a client machine 
being used by the user (Column 4, line 66 - Column 5, line 9). 

Regarding claims 12 and 26, Misra teaches a method as recited in claims 29 
and 21 , wherein the first and the second server machine are access points for the user 
to gain access to the secured item (Column 5, lines 10-14). 

Regarding claims 13 and 23, Misra teaches a method as recited in claims 29 
and 32, wherein when the user is at a first location, the user interacts over a network 
with the first server machine, and when the user is at a second location, the user 
interacts over a network with the second server machine using a second client machine 
at the second location (Column 5, lines 10-21). 

Regarding claims 14, 20, and 27, Misra teaches a method as recited in claims 

30, 32, and 35, wherein said method further comprises: determining, prior to steps (b1), 
(b2), (b3), and (b4), whether the. user is permitted to gain access from a second location 
to the secured item via the second server machine (Column 5, lines 10-16). 



Application/Control Number: Page 7 

10/076,181 

Art Unit: 2153 

Regarding claim 15, Misra teaches a method as recited in claim 39, wherein 
said step (a1 ) occurs while the user is at a first location, and wherein step (a2) occurs 
while the user is at a second location (Column 5, lines 10 - 21 , wherein the system has 
a home location with maintains the credentials and authorization, which is then 
distributed through the server system). 

Regarding claims 16 and 24, Misra teaches a method as recited in claims 17 
and 33, wherein said method further comprises: 

(a4) upon receiving the current access request to access the secured item via 
the second server machine , determining permitted locations from which the user is 
permitted to access to the secured item; 

(a5) determining, whether the second location is one of the permitted locations 
for the user; and 

(a6) bypassing steps (b1), (b2), (b3), and (b4) when step (a5) determines that the 
second location is not one of the permitted locations for the user (Column 5, lines 10 - 
21). 

Regarding claims 17, 19, and 33, Misra teaches a method as recited in claims 
30, 31, and 32, wherein: 

when the user is at the first location, the user interacts over a network with the 
first server machine using a first client machine at the first location, and 

when the user is at the second location, the user interacts over a network with 
the second server machine using a second client machine at the second location 
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(Column 3, line 67 - Column 4, line 7; Column 4, line 66 - Column 5, line 2; Column 5, 
lines 10-19, wherein the user and machine locations are roaming in the system and 
which ever domain the user/machine combination logs in at it connects to that domains 
controller which is the same location as the machine location). 

Response to Arguments 

Applicant's arguments filed November 7, 2007 have been fully considered but 
they are not persuasive. 

The applicant argues that the combination of Misra and Rai does not disclose 
preventing access to the first server machine when the second server machine is being 
used to access the secure item. The examiner disagrees, the combination of Misra and 
Rai teach a roaming user that travels from a first domain to another (Misra, Column 1, 
lines 15-35) which includes the hand-off teaching of Rai, that when the user enters a 
new zone or domain, it creates a new session and deletes the old one (Column 8, lines 
36 - 44). The idea that the session and certificate between the user and the first 
domain gets removed means that the user can no longer use the first server or domain 
for access unless ether the user creates another hand-over to the old domain, or 
authenticates himself. These steps show that the user is being prevented access 
through that server unless he is being re-authenticated or additional steps are 
performed to move his session once again. 



Conclusion 
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THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kevin Bates whose telephone number is (571) 272- 
3980. The examiner can normally be reached on 9 am - 5 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor. Glen Burgess can be reached on (571) 272-3949. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 




Kevin Bates 
January 1 1 , 2008 
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